nerdexam
ExamsCAS-003Questions#733
CompTIA

CAS-003 · Question #733

CAS-003 Question #733: Real Exam Question with Answer & Explanation

The correct answer is A: Exploitation tools. Server A hosts a public-facing website and Server B runs internal accounting software. Both were built from the same image and patched identically. When the analyst runs the same command on both, a discrepancy in the output indicates something unexpected is present on Server A. B

Question

A security analyst is comparing two virtual servers that were bum from the same image and patched at the same regular intervals. Server A is used to host a public-facing website, and Server B runs accounting software inside the firewalled accounting network. The analyst runs the same command and obtains the following output from Server A and Server

Exhibit

CAS-003 question #733 exhibit

Options

  • AExploitation tools
  • BHash cracking tools
  • CMalware analysis tools
  • DLog analysis tools

Explanation

Server A hosts a public-facing website and Server B runs internal accounting software. Both were built from the same image and patched identically. When the analyst runs the same command on both, a discrepancy in the output indicates something unexpected is present on Server A. Because Server A is internet-facing, the most likely cause of extra running processes or installed software would be exploitation tools planted by an attacker who compromised the public-facing server. Exploitation tools (A) are software used by attackers to maintain access, pivot, or exploit further vulnerabilities after initial compromise. Hash cracking (B) and malware analysis (C) tools are less likely to be planted by an attacker. Log analysis tools (D) are legitimate administrative tools, not anomalies.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-003 Practice